Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Request: Alternate database unlock methods

2013-08-13
2013-09-29
  • Jason Heddings
    Jason Heddings
    2013-08-13

    Has there been any consideration for creating alternate unlock methods for a database? That might allow for other devices (such as a mobile phone) to provide easier methods for input based on the device. Specifically, I would like the ability to use a pattern (like a 4x4 or 5x5 grid) to unlock from my phone (using MiniKeePass) while still using the passphrase on the computer. Perhaps the database format could allow for multiple unlock methods? I haven't thought through the implementation or security concerns much. Just an idea...

     
  • wellread1
    wellread1
    2013-08-13

    KeePass processes a Master Key into an encryption key. There can only be one encryption key. However it is possible to encrypt a single "Secret Key" (e.g. the Master Key) using multiple different pass-phrases. So what you describe is possible in principal. You would need to write an appropriate plugin to implement a particular scheme.

     
  • iminj
    iminj
    2013-08-13

    On my laptop, I use a long password for the Master Key. It's not too difficult to type error-free on a decent keyboard. KeePass also has Keyfile capability, and I also recently discovered the ability to open the database on my laptop using the Master Password (on the laptop keyboard) + generating a 6 digit Google Authenticator code on my mobile phone - (check thru the forum for the thread.) Seems to be lots of options for the PC version of KeePass.

    On the mobile phone side, I agree with the original poster - entering long, complex passwords is tedious and error-prone. The developer of Keepass2Android (NOT me, by the way), has developed a concept called "Quick Unlock", where you optionally enter only the last 3 or 4 characters of your Master Password to unlock the database. He argues that the risk of this procedure is mitigated by the fact that you only get 1 chance to enter this simple code correctly. If you fail, you then are required to enter the full Master Password. Whether or not you agree with this as a secure methodology - it is refreshing to see some innovation regarding this problem.

     
    Last edit: iminj 2013-08-13
  • Jason
    Jason
    2013-09-29

    Quck unlock would be great for the PC version as well. Mabye the 3 or 4 characters could change in location of the password. EG must input the first 4 characters of the password, must input the first 4 numbers of the password, must input the 5th to 8th characters of the password, etc.

     
    Last edit: Jason 2013-09-29
    • wellread1
      wellread1
      2013-09-29

      If you want implement quick unlock schemes, take a look at the KeeAutoExec and WinKee plugins. The KeePass developer is unlikely to implement additional intermediate security levels beyond the unlocked state (e.g. quick unlock). For discussion see the FAQ entry about specialized spyware.

       
      Last edit: wellread1 2013-09-29